Posts Tagged ‘tech’

Why do governments engage in media censorship and what do they have to gain? Dr. Mehdi Shadmehr from the University of Miami Business School will be on-air to discuss his theories and discoveries, including how, when nation-wide grievances hit a certain magnitude, heads of state will first relieve censorship and then double down.

In case you missed it, the new iPhone went on sale recently. Normally this wouldn’t be even remotely newsworthy, but this iPhone is different: it comes with a fingerprint sensor.

The iPhone 5s (Apple’s latest offering) is able to read and store the fingerprint of the owner and if chosen, other people as well. I can’t possibly be the only one who smells something fishy here: hot on the heels of the Snowden leaks, the new must-have product just so happens to have this technology?

“But so what?” you say. It’s just a fingerprint, and those are taken all the time (for jobs, arrests, etc.), so why does this even matter? Personally, I don’t think the actual data does; after all, I just said fingerprints are taken all the time. But this is huge for the “surveillance culture” we have creeping up on us: for the first time ever, there is the widespread use of a technology that uses a genetic marker to identify people on a regular basis. While I’ll admit that “fingerprints” and “genetic marker” generally aren’t lumped together as synonymous, “DNA” and “genetic marker” usually are, and that’s what this technology is paving the way for. That sounds far off into the future, but DNA-verification has been around for a while; it’s only a matter of time before it reaches the general public. What’s more, while it’s not generally accepted that specific genetic information can be reliably determined from a fingerprint, DNA-verification could pave the way for corporations to target ads with precision the likes of which has never been seen before on this Earth. Got a cold? (For those not familiar, the common cold– like any virus– can actually make slight alterations to genes) Your iPhone 151s could one day be offering you coupons for CVS before you know you’re sick.

You might be wondering “what on Earth is a patent troll?”, so I’ll tell you– “patent troll” is a label for any person/company/firm/etc. that makes a business of threatening people for alleged patent infringement: almost homogeneously, these people buy patents from other companies/inventors with absolutely zero intention of using the patents for anything other than ammunition for litigation (not to be confused with the MPAA, the RIAA, or the copyright system in general). Rather than using patents in their intended manner– to ensure an inventor has time to complete his/her invention– the patent troll uses the temporary legal monopoly granted with a patent as a means to extort money from inventors who come up with new ideas/inventions or extensions on previous ideas/inventions that may at first glance seem similar to the patents which the patent trolls hold. It is estimated that any actual litigation that is brought by patent trolls and does not get settled before a court battle leads to the patent trolls losing over 75% of the time.

The patent trolls are not a new phenomenon, but they certainly have grown to prominence since the rise of big software. Software development is unique in that software’s “life” goes by considerably faster than most physical items and it is often the case that something becomes standardized in a fraction of the time of physical items. This creates the opportunity for mass patent trolling: if someone obtains a patent for a piece of software that has become a standard before the patent has expired, it is incredibly likely that someone somewhere has made an improvement on that standard, and since this improvement was not done by the patent holder, the patent troll has a prime opportunity to launch a legal missile. Another litigation-mongering opportunity occurs when a piece of closed-sourced software (not free for everyone to tinker with) resembling an open-sourced software (free for everyone to tinker with) that is not well known gets a patent, and since the open-sourced software wasn’t patented, the new patent owner can try to sue, even if the closed-source software was developed after the invention or even adoption as a standard.

These scenarios sound perfectly viable for patent trolls, but in reality, the “perfect patent troll situation” rarely occurs. Most often, the latter example– of closed-source software patents being used to attack open-sourced software– is the case. Or not at all; sometimes the patent trolls simply choose someone who has just enough money to pay a settlement, but not enough to want to go to war with the patent trolls, which can get pretty costly, easily reaching the millions mark for a regular patent case. This is where the problem lies: the immoral patent trolls lose over 75% of the time, but simply by bringing a suit, they are almost guaranteed a settlement because the target often won’t be able to afford a lawsuit, even if they are innocent.

The solution? Make it so that it’s in the patent trolls’ best interest to be actually right about bringing a suit. Make it so that the plaintiff pays the fees if the case is found to be a pile of garbage. This would make it so that the average target of the patent trolls would be able to go to court and win ~75% of the time. This isn’t a fix in itself, but it’s a start. To be honest, I think the entire patent system is far outdated and needs to be updated from scratch to the modern world. Somewhere in that reform, I think the best way to stop wrong patent lawsuits is to place risk on the accuser as opposed to how it is now where the risk is all on the defendant. As a side note, it would be nice if there were no software patents, given the building-block nature of software itself, but I seriously doubt that a majority would go along with removing patents for software.

Before I start, here’s a reference for those who aren’t totally sure about what Tor is or how it works–

(Image Credit: EFF)

Near the end of the weekend, somebody (I’ll get to who later) compromised Freedom Hosting, a hosting service that was heavily invested in Tor (The Onion Router). The company was responsible for a huge chunk (about half) of the hidden network’s sites and many of the more well-known ones including Tor Mail, a completely anonymous email service. The details of the attack are starting to be sorted out, but a few facts have already been nailed down. The move comes after Freedom Hosting’s founder, Eric Eoin Marques, was arrested on suspicion of child pornography, so many are speculating that the two events are related.

The Tor network was originally conceived by the Navy as a way of anonymizing communications between correspondents, but was abandoned mid-way through development. It was later picked up by DIY-ers and completed into what we see today. Due to the nature of the network, any one user cannot identify another, even for server-client interactions, making a breach of anonymity from the inside near-impossible. The exploit in question was placed on Freedom Hosting’s sites after the company was either seized or otherwise compelled to do so (details unconfirmed at time of writing) and injected a JavaScript executable that made the target send an unencrypted request over HTTP to a specified server in Virginia, exposing the IP address of the user that normally would be impossible to find. Therefore, I’ll admit that the title of this piece is somewhat misleading: the network itself has not been compromised, but the company that hosted a majority of it has.

So: who did it? Many (myself included) initially speculated that the exploit was the work of the FBI, citing the arrest of Eric Marques, and the fact that it’s the FBI’s job (more or less) to take down child pornographers. As the matter was looked into it became apparent that the server receiving the non-encrypted IP addresses was owned by a corporation in Virginia that routinely leases server space to agencies like the FBI and NSA, prompting more speculation. However, at time of writing, nobody has stepped forth to claim credit for the exploit, leading some to wonder if it was a non-official entity. The latest evidence in the exploit points toward its purpose to be solely identifying and not actually hacking, so at this point, it’s anyone’s guess. Hopefully more will become known later this week.

If a state actor is responsible, I seriously question the motives. We can all agree that child pornography and abuse is bad by any measure, but taking down essential services that people the world over use to keep safe from tyranny or even just to keep private is not the way to go about removing it. Take Tor Mail mentioned earlier: with the recent revelation that the NSA is monitoring literally everything on the Internet, is it not reasonable that there was a push towards anonymous encrypted email? Heck, I myself have/had (depending on the outcome of this situation) a Tor Mail for the simple reason that I don’t like being spied on. Even if Eric Marques is guilty of hosting and distributing child pornography, I believe a more effective and efficient way to go after those responsible would have been to target the specific websites which are accused of doing so rather than the entire company that may or may not have hosted them. The FBI has previously been allowed to run a child pornography site, and doing so in this instance would have made for a much shorter list of names than half of the Tor network.

While this story is still developing, I want to end on a slightly inquisitive note: this happened during DEF CON (a hackers’ convention), meaning a good number of the people who bother to look into this kind of thing were busy out of town, and also on the heels of the NSA’s XKeyscore revelation, which “collects nearly everything a user does on the Internet.” These combined make me somewhat suspicious of this incident; more so than I normally would be for a compromise of a major anonymity service.